[gptalk] Re: Disable script for administrator account

  • From: "Ananth Rajagopal" <ananth.rg@xxxxxxxxx>
  • To: gptalk@xxxxxxxxxxxxx
  • Date: Thu, 23 Oct 2008 10:51:45 +0530

Dear Alan,

One more clarification...

There are Enterprise Admins, Enterprise Domain Controllers and  System
accounts by default in delegation, so can I remove these groups and just
keep Authenticated Users and Domain Admins group alone and give the
permissions as per your suggestion?

Thanks once again....

regards
Ananth.






On Thu, Oct 23, 2008 at 10:46 AM, Ananth Rajagopal <ananth.rg@xxxxxxxxx>wrote:

> Thank You Alan.....
>
> It seems the obvious method.... We will get back with our feedback soon..
>
> Thanks againg for the prompt response!! :-) Our day is just starting......
>
> regards
> Ananth.
>
>
>
>
> On Thu, Oct 23, 2008 at 10:32 AM, Alan & Margaret <syspro@xxxxxxxxxxxxxxxx
> > wrote:
>
>>  Hi Anath,
>>
>>
>>
>> If I understand you correctly, the critical thing is the APPLY permission.
>>
>>
>>
>> If you give READ and APPLY permission to Authenticated users and DENY
>> APPLY  to Domain Admins, everyone except Domain Admins will get it.
>>
>>
>>
>> If you give READ and APPLY permission to Domain Admin, only Domain Admins
>> will get it.
>>
>>
>>
>> Alan Cuthbertson
>>
>>
>>
>>
>>
>>  Policy Management Software (Now with ADMX and Preference support):-
>>
>> http://www.sysprosoft.com/index.php?ref=activedir&f=pol_summary.shtml
>>
>>
>>
>> ADM Template Editor(Now with ADMX support):-
>>
>> http://www.sysprosoft.com/index.php?ref=activedir&f=adm_summary.shtml
>>
>>
>>
>> Policy Log Reporter(Free)
>>
>> http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml
>>
>>
>>
>>
>>
>>
>>
>>
>>  ------------------------------
>>
>> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
>> *On Behalf Of *Ananth Rajagopal
>> *Sent:* Thursday, 23 October 2008 3:46 PM
>> *To:* gptalk@xxxxxxxxxxxxx
>> *Subject:* [gptalk] Disable script for administrator account
>>
>>
>>
>> Hi all,
>>
>> We have a script to change the  usbstor registry key value to 4 and
>> another script to deny permissions to users from running usbstor.inf and
>> usbstor.pnf files.
>>
>> In scope we have set "authenticated users"
>>
>> If we set deny permissions to the authenticated group and full control for
>> Domain Administrator group. Will the script be applicable for administrator
>> login as well? How can I stop the script from running for an Administrator
>> account.
>>
>> Kindly advice.
>>
>> regards
>> Ananth.
>>
>
>

Other related posts:

  1. Home
  2. gptalk
  3. Archive
  4. 10-2008